[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IKEv2 AUTH payload

To: ipsec@lists.tislabs.com
Subject: IKEv2 AUTH payload
From: Kevin Li <kli@cisco.com>
Date: Fri, 09 Apr 2004 16:39:19 -0700
Organization: Cisco Systems
Sender: owner-ipsec@lists.tislabs.com
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113

Hi,

IKEv2-13 says that the entire IKE message (from the first octet to last octet of 
the paylod) will be signed. I am assuming that the AUTH payload is not included 
(even the nullified one -- all set to 0) for signature. It means that the AUTH 
payload will be the last one in the IKE message and message is signed up to the 
beggining of the AUTH payload.

Is above the right interpretation? If so, it may be a good idea to clarify this 
in the spec.

Thanks.

Kevin
Cisco Systems



============= Quote from IKEv2-13 --- Start

2.15 Authentication of the IKE_SA


    When not using extended authentication (see section 2.16), the peers
    are authenticated by having each sign (or MAC using a shared secret
    as the key) a block of data.  For the responder, the octets to be
    signed start with the first octet of the first SPI in the header of
    the second message and end with the last octet of the last payload in
    the second message.  Appended to this (for purposes of computing the
    signature) are the initiator's nonce Ni (just the value, not the
    payload containing it), and the value prf(SK_ar,IDr') where IDr' is
    the responder's ID payload excluding the fixed header. Note that
    neither the nonce Ni nor the value prf(SK_ar,IDr') are transmitted.

============ Quote from IKEv2-13 --- End

Prev by Date: Re: Question about Version Numbers
Next by Date: Re: Question on Issue#74: Inbound SA lookup - multicast & unicast
Previous by thread: RE: Question on Issue#74: Inbound SA lookup - multicast & unicast
Next by thread: Re: IKEv2 AUTH payload
Index(es):
- Date
- Thread